Tenable Blog

Government and Industry Collaboration: The Long Path to Trust and Sharing

Agencies are stepping up to the plate and contributing active intelligence to threat sharing programs, a big step on the long and challenging path to effective cybersecurity information sharing.

Both government and industry have recognized for years that cooperation is necessary to defend against increasingly sophisticated, organized and well-resourced cyber adversaries. Sharing of threat information has been hampered by a lack of trust, however. Companies often are reluctant to share with competitors and even with partners. And everyone has been reluctant to share with government, which has been hesitant to share with the private sector.

But cracks finally are appearing in these walls and effective information sharing is beginning to occur. Government agencies are taking a more active part in sharing programs, and technical standards for sharing across broader communities of interest are being developed.

Overcoming the fear of Big Brother

The role of government in sharing security information has been problematic. The federal government operates large IT enterprises and is charged with defending the nation’s critical infrastructure, making it both a prime source and consumer of threat intelligence. But concerns about liability, privacy and competition have made companies reluctant to provide information to government. Agencies, in turn, have been unwilling to share their own sensitive information.

This has resulted in barriers to getting information into the hands of those who need it. Ron Gula, in an opinion piece for the Christian Science Monitor’s Passcode published in October 2015, advocated greater government transparency in its cybersecurity efforts, saying that “security through obscurity” is not an effective policy.

The Homeland Security Department’s Automated Indicator Sharing (AIS) program has recently emerged as an enabler for sharing. AIS is a voluntary hub for exchanging information among public and private sector organizations. It began receiving and disseminating threat indicators in March, and according to reports some 40 companies and 10 agencies have signed on with AIS.

Interestingly, the agencies are supplying most of the information and companies primarily are consumers. This demonstration of the government’s willingness to give as well as receive goes a long way toward building trust.

Building on standards

Sharing works best in formal programs with trusted partners and established policies and practices. Toward this end, technical standards and best practices are being developed by both government and industry.

One of the challenges of sharing cybersecurity intelligence is that it is likely to contain sensitive information that can reveal things about the source of the intelligence, resulting in risks to confidentiality, privacy and liability. To help limit these risks, the National Institute of Standards and Technology has released Special Publication 800-150, a Guide to Cyber Threat Information Sharing.

“By exchanging cyber threat information within a sharing community, organizations can leverage the collective knowledge, experience, and capabilities to gain a more complete understanding of the threats the organization may face,” the authors write. They provide a list of recommendations for establishing information-sharing programs, relationships and capabilities.

As NIST points out, info sharing works best within communities, and industry-specific Information Sharing and Analysis Centers (ISACs) have been operating since 1999. There now are more than 20 ISACs sharing information. The administration now has broadened the criteria defining an info-sharing community beyond industry sectors under a 2015 executive order. According to DHS, new Information Sharing and Analysis Organizations (ISAOs) will accommodate groups that do not fit neatly into the sector-based ISAC structure.

“ISAOs may allow organizations to robustly participate in DHS information sharing programs even if they do not fit into an existing critical infrastructure sector, seek to collaborate with other companies in different ways (regionally, for example), or lack sufficient resources to share directly with the government,” DHS said.

A new ISAO Standards Organization has published the first set of voluntary standards for setting up private-sector ISAOs.

Taking part

Continuing the progress on the path to information sharing requires participation. Contributing and using cybersecurity information not only can help improve your agency’s cybersecurity posture, but also helps create a more secure cyber ecosystem. To learn more about the best practices and standards for information sharing, you can read the publications from NIST and the ISAO Standards Organization.

To participate, check the resources at the DHS Automated Indicator Sharing program or the National Council of ISACs. A series of public meetings and workshops is being held to kick off the new ISAOs. Learn more about them at DHS or the ISAO Standards Organization.

While much work remains, the cybersecurity balance seems to be tipping away from self-interest to cooperation, and that’s a good thing. After all, we’re all in this together.
